How to Establish & Monitor Data Integrity Controls

A system of data integrity should include the following controls:

Control 1           No one individual should have complete control over all key processing functions for any financial transaction. These functions include:


  • Recording transactions into the financial system directly or through an interfacing system.
  • Authorizing transactions through pre-approval or post-audit review.
  • Receiving or disbursing funds.
  • Reconciling financial system transactions.
  • Recording corrections or adjustments.

If insufficient personnel within the unit make it necessary for one person to perform all of these functions, the unit must assign a second person to review the work for accuracy, timeliness and integrity.

Control 2           Ensure that all employees who prepare financial transactions provide adequate descriptions, explanations and backup documentation sufficient to support post-authorization review and any internal or external audit.
Control 3           Keep "office of record" documents (both forms and paperless transactions) physically secure and readily retrievable. These documents must be retained for the periods specified in the University Records Disposition Schedules Manual. 
Control 4           Ensure that staff reconcile transactions appearing on the general ledger at the end of each accounting period. All transactions must be verified for:


  • Amount
  • Account classification [Full Accounting Unit (FAU)]
  • Description
  • Proper accounting period

All reconciliations must be performed in a timely manner.

Control 5

Use exception reporting, variance analysis and other mechanisms to monitor, review and reconcile financial activity to ensure that: 

  • Employees are adequately trained in preparing and processing financial transactions.
  • Transactions and balances that exceed control thresholds or counter policies, regulations or laws are questioned and thoroughly analyzed, and that corrections or adjustments are fully documented and processed in a timely manner.
  • Locally generated reports do not distort or misrepresent the source data used to prepare them. In particular, reports must be reconcilable back to the original data as it appears in the financial system. Any adjustments made in preparing a local report must be documented and recorded immediately.
  • All unit assets are properly described and accounted for in the financial system.
  • Actual physical assets are compared to recorded assets in the financial system, and discrepancies are resolved in a timely manner.
Control 6Encourage all employees to report any breakdown or compromise in the unit's data integrity without fear of reprisal.


For further information, contact Audit and Advisory Services.